|
To: Bill Irwin Technical
Support Engineer RE: http://list.cobalt.com/pipermail/cobalt-security/2001-May/001891.html
Raq3 caught in a reboot loop after Kernel 4.0.1 update I have two Raq3s. One with CommuniTech.net (CT) and one with 4WebSpace
(4WS). I always add patches to my 4WS Raq, and let it run for a few days before
I patch my other Raq at CT. After applying the kernel update 4.0.1, my Raq3 was
caught in a continual reboot according to 4WS support. They told me that they
rebooted to the ROM kernel, and everything is running just fine, but I need to
do a complete reload of my Raq3 otherwise every time I reboot, it will get
caught in the loop again. Is there any chance that I can just reverse the patch, and not go
through the time, effort and cost of a reload? If not, what are the security
risks, or differences in running off of the ROM kernel for more than a few days
before I reload the machine? Below is the information you requested (dated May 1st) ============================= 1 what was installed (ie, third party stuff) ============================= List of security apps installed 1. LogCheck 2. PortSentry 3. Chkrootkit 4. SSH from ssh.com not OpenSSH 5. PM Firewall install for IP Chains, but it is not running (upgraded IP
chains via RPM) Other apps installed (a few months ago) 1. Webalizer 1.3 via Cobalt pkg, later uninstalled 2. Webalizer Raq3iRelease 2.00.12-2. A pkg that was announced on the
user list 3. ApacheJServ (Apache-Java Servlet Engine) for Cobalt i386Release 1.1-1
(pkg from Cobalt) The Java packages didn’t seem to work. They were installed months ago. 4. RaQ3-all-CMU Release 1.1-22 5. Urchin for Raq was installed a few months ago, and uninstalled after
the 30 day trial. Security apps were installed from source (my Raq3 at CT was hacked
through Bind a couple months ago and had to be reloaded). Other apps were all
pkg files. I don’t have PHP, MySQL or any of the other popular apps installed.
They are somewhere far down my “to do” list. =================================== 2 what patches you had installed prior to install? =================================== I usually wait a couple months before applying patches, for this exact
reason. Both of my Raq3s were running fine for the past couple months with all
patches up to and including the vixie-cron Update 4.0.1. I had some error
messages “zcat: stdout: Broken pipe” from the cron.daily after the vixie
update, but nothing major. There was a post on how to fix the error message,
and it had to do with recreating the crond link entries. This fixed the
problem. Then on May 28th, I first applied 3 patches. 2. Security: URL Attack Exposure 4.0.1 and 3. Update: RPM 4.0.1 I then rebooted, because after 3 patches I wanted to make sure the
server was OK before applying a kernel update. The server came up just fine, so
I continued to apply the kernel update. 4. Kernel update 4.0.1 After reboot, I was unable to access my server until 4WS support booted
of the ROM kernel. ====================== 3 Any hardware upgrades, etc ====================== I lease the dedicated Raq3 from 4WS, so I’m not aware of any hardware
upgrades besides the memory upgrade from 32 to 128 that I paid for when I first
got my server. Please reply to the first couple questions regarding a complete server
reload. I would rather not go through the expense of a reload if I don’t have
to. The server has been running just fine for almost a week, but I can’t
reboot. Feel free to contact me if you have any
questions or comments. Thanks, Ken Reilly Phone (651)
329-7711 Toll Free
1(877) 435-5416 Fax 1(877)
794-0612 |